Spring Boot Actuator – Securing HTTP Endpoints

Introduction

Here we will see example on securing HTTP endpoints in Spring Boot application. Like other sensitive URLs, you should take care to secure HTTP endpoints. If Spring Security is present, endpoints are secured by default using Spring Security’s content-negotiation strategy.

If you wish to configure custom security for HTTP endpoints, for example, only allow users with a certain role to access them, Spring Boot provides some convenient RequestMatcher objects that can be used in combination with Spring Security.